
How can I remove Troj/Iframe-HJ?

I installed Sophos Anti-Virus 8.0.6C for Mac today. It almost immediately found Troj/Iframe-HJ. However, when I go to the Quarantine Manager, put in my admin password, and press Clean Up Threat, it says "Cleaning up threats..." but the task never finishes. Is there another way, or another version, I should be using? And can anyone tell me anything else about this threat? The Sophos website, http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iframe-HJ/detailed-analysis.aspx, is kind of obscure.

Thanks.

JK

Andrew,

Thanks very much. That is great information. Let me give you some more history and background for my concerns. While I was attempting to open an online bank account, a screen appeared - it apparently was not meant to appear - which referred to URL shortening and redirection, and gave me some concern. The bank claimed it had nothing to do with it. I then installed Sophos, and it produced a Troj/Iframe-HJ warning about an attachment to an email I had received in March. The email was a phony UPS notice with an attachment, and I thought I was aware of these kinds of things, but it came exactly when I was expecting a UPS shipment, and I have to suspect I clicked on the attachment, though I don't remember doing it.

I deleted the email after copying it and the attachment to a CD, for future reference, as well as deleting my entire Time Machine backup (at Apple support's recommendation) to remove backup copies. The Sophos knowledge base, as well as Google, produced little information about Troj/Iframe-HJ that was useful to me. However, when I Googled the name of the attachment, invoiceA43E088DB39ED40C.htm, I found more information, suggesting that the attachment pointed to a site which downloaded malware which captured and transmitted back credentials related to financial information. Most of what I saw seemed related to Windows, so I wondered how the subsequent malware could function on a Mac, but it seemed that some of the processing was done in Java, which seemed to be an environment which might make the Mac vulnerable (my guess, anyway). In any case, the targeting of financial info, and the questionable screen appearing when opening a bank account, actually at the point when the new account number was displayed, has made me concerned about the possible extent of the intrusion. I also hoped that shutting down Java might eliminate an opportunity for this seemingly Windows-oriented malware to function on a Mac. I should also mention that I run a Windows virtual machine, using VMWare Fusion, but any issues so far have occurred in the OSX environment.

I have eliminated all AV software other than Sophos, and run two full scans with no other programs running, and with my three external drives disconnected. Is there anything else I can do to look for traces of this software, other than running the scans with the drives reconnected? Thanks very much for your assistance, and for your time.

John

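One thing that can be done with the saved copy of invoiceA43E088DB39ED40C.htm (read it off the CD as a file; never open it in a browser or mail client) is a static triage of the HTML for the constructs a redirector needs. The script below is an added example written for this thread; it is not Sophos code and does not reproduce the Troj/Iframe-HJ detection. It parses the file without rendering or executing anything and flags iframes that are sized to a pixel or hidden by CSS, meta-refresh redirects, and script that assigns window.location, printing the URLs each points at so they can be looked up or blocked. The embedded sample HTML and the example.invalid hostname are constructed for the demonstration and are not taken from the poster's attachment.

```python
"""Static triage of an .htm e-mail attachment for hidden iframes and redirects.

Added example for this thread, not Sophos code. It does not reproduce the
Troj/Iframe-HJ signature; it only flags the generic tell-tales of an HTML
redirector. Nothing is rendered or executed: the file is read as text.
"""
import re
from html.parser import HTMLParser

# Constructed sample for the demo. The hostname is a placeholder (.invalid TLD),
# not a real indicator and not the poster's attachment.
SAMPLE_HTML = """<html><body>
<p>Your UPS invoice is attached. Please review.</p>
<iframe src="http://example.invalid/in.php" width="1" height="1"
        style="visibility:hidden;"></iframe>
<meta http-equiv="refresh" content="0;url=http://example.invalid/go">
<script>window.location='http://example.invalid/landing';</script>
</body></html>"""

# CSS that hides an element outright.
HIDDEN_CSS = re.compile(r"(visibility\s*:\s*hidden|display\s*:\s*none)", re.I)
# window.location = '...', location.href = "...", location.replace('...'), etc.
LOCATION_JS = re.compile(
    r"(window\.|document\.|top\.)?location(\.href|\.replace|\.assign)?"
    r"\s*[=(]\s*['\"]([^'\"]+)", re.I)


class RedirectFinder(HTMLParser):
    """Collects (kind, url) findings while the stdlib parser walks the HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            tiny = self._small(a.get("width", "")) and self._small(a.get("height", ""))
            hidden = bool(HIDDEN_CSS.search(a.get("style", "")))
            kind = "hidden_iframe" if (tiny or hidden) else "iframe"
            self.findings.append((kind, a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
            if m:
                self.findings.append(("meta_refresh", m.group(1)))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data as raw text.
        if self._in_script:
            for m in LOCATION_JS.finditer(data):
                self.findings.append(("js_location", m.group(3)))

    @staticmethod
    def _small(value):
        """True for a width/height of 0-2 (px or %), the usual invisible frame."""
        digits = re.sub(r"[^0-9]", "", value)
        return digits != "" and int(digits) <= 2


def scan_html(text):
    """Return a list of (kind, url) findings for the given HTML text."""
    p = RedirectFinder()
    p.feed(text)
    p.close()
    return p.findings


def scan_file(path):
    """Read an attachment as bytes and scan it; never opens it in a browser."""
    with open(path, "rb") as fh:
        return scan_html(fh.read().decode("utf-8", errors="replace"))


if __name__ == "__main__":
    import sys
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_html(SAMPLE_HTML)
    for kind, url in results:
        print(f"{kind:14s} {url}")
```

Run it as `python3 triage.py /Volumes/CD/invoiceA43E088DB39ED40C.htm` on the archived copy; with no argument it scans the constructed sample. A clean invoice page should produce no findings at all, while a redirector of this class typically shows at least one hidden_iframe or meta_refresh line. Anything it reports is a URL to check against your DNS or proxy logs for the date the message arrived, which answers the "traces of this software" question more directly than repeated file-system scans do.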